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(54) Data copyright management system 

(57) A system is provided which manages the copy- 
right of a plurality of data in a database. A data copyright 
management system is provided in which a primary user 
edits data which he or she obtains and supplies edited 
data to a secondary user. 

In a case where new data is produced by editing 
a plurality of encrypted data obtained from the database, 
and is encrypted for distribution to another person, crypt 
keys for a plurality of data as raw material and an edition 
program which is an editing process with a digital signa- 
ture are used as a use permit key When a user who 
receives the edited and encrypted data requests use of 
the data by presenting the digital signature to a copyright 
management center, the copyright management center 
identifies the editor by the digital signature, and provides 
the user requiring use of data with the crypt key for use 
only when the editor is identified to be the valid user of 
the edited data. The system confiprises a database and 
a key control center, and uses a primary copyright label, 
a first use permit key including a first crypt key, a second 
use permit key, a third crypt key, and a copyright man- 
agement program. The primary user uses primary cop- 
yrighted data encrypted by using the first aypt key and 
supplied, by deaypting it with the first use permit key 
obtained from the key control center. The data is 
encrypted again by using the first use permit key when 
it is stored. The primary user edits the primary copy- 
righted data by obtaining a second use permit key from 
the key control center for editing the primary copyrighted 
data. The data being edited is encrypted and stored by 
using the second use permit key At the completion of 
the editing, the primary user receives the third crypt key 
for secondary copyright as secondary exploitation right 
encrypts the edited data with the third crypt key. and dis- 



tributes it to a secondary user. The secondary user 
obtains the third crypt key and uses the edited data. 

In another system, in a case where a new data is 
produced by editing a plurality of data obtained from the 
database, and encrypted for distribution to another per- 
son, crypt keys for a plurality of data as raw material and 
an edition program which is as an editing process with a 
digital signature are used as a use permit key When a 
user who receives the edited and encrypted data 
requests use of the data by presenting the digital signa- 
ture to a copyright management center, the copyright 
management center klentifies the editor by the digital 
signature, and provides the user requiring data use with 
a crypt key for use only when the editor is identified to 
be the valid user of the edited data. 

FIG. 1 
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Description 

Reld of the Invention 

The present invention relates to a system for man- 
aging the copyright for the use of digrta) data, that is, the 
display, storage, copying, edition, and transmission of 
such data, which is particularly applicable to a multime- 
dia system. 

Background of the Invention 

As more and more information is available, database 
systems wherein many conputers, which independently 
stored various data, are connected via comnwnication 
lines to use the data mutually are becoming inaeasingly 
popular. 

Such database systems has been so far possible 
to process only coded information containing a small 
amount of information which can be processed by con- 
ventional computers and at ttie most monochrome 
binary data such as facsimile information, and failing to 
handle natural and moving pictures that include a sub- 
stantially large amount of information. 

Digital processing techniques for various electric 
signals are being developed, and efforts are being made 
to apply such techniques to those dynamic picture sig- 
nals other than binary data which were processed as 
analog signals. 

Since the digitalization of picture signals enables 
picture signals such as television signals to be handled 
by computers, people are viewing as a promising tech- 
nique a "multimedia system" that can deal witti both var- 
ious data UnaX can be processed by computers and 
picture data that is digitalized picture signals. 

Since picture data contains a significantly larger 
amount of information than character data or audio data, 
it cannot be stored, ft-ansmitled, or subjected to various 
processings by computers in its original form. 

Attempts have thus been made to compres- 
sion/expansfon picturedata, and somepicture data com- 
pression/expansion standards have been prepared. 
These standards include ttie following common stand- 
ards: ttie Joint Photographic Image Coding Experts 
Group (JPEG) standards for stilt pictures, the H. 261 
standards for video conferences, tfie Moving Picture 
Image Coding Experts Group 1 (MPEG1) standards for 
picture storage, and ttie MP EG2 standards for both exist- 
ing television broadcasting and future high-precision tel- 
evision broadcasting. 

These techniques have enabled digital picture 
data to be processed in real time. 

Since analog data, which is conventionally popular, 
is degraded each time it is stored, copied, edited, and 
transmitted, littie notice has been taken of the control of 
the copyright associated with these operations. Digital 
data, however, is not degraded after repeated storage, 
copying, edition, and transmission, such control is signif- 
icant 



There has been no adequate method for control- 
ling tiie copyright for digital data; the copyright is man- 
aged based on the copyright law or relevant contracts. 
The copyright law singly establishes a compensation 

5 system for digital recording equipment 

A database not only has its contents referenced but 
is also used to effectively use data obtained through stor- 
ing, copying, and edition and transfer edited data to a 
different user through copying or transmission, or to 

w receive and register new data to a databasea. 

Although conventional databases have dealt witii 
only character data, datat>ases in multimedia system 
contain audio and picture data that is inherentiy analog, 
in addition to character data. 

15 Under these circumstances, the control of the cop- 
yright for data in databases is very important, but no cop- 
yright management means that is particularly applicable 
to secondary use such as copying, edition, and transmis- 
sion has been conpleted. 

20 The inventors have proposed in Japanese Patent 

Application 1994-46419 and Japanese Patent Applica- 
tion 1994-141004 a system for managing tiie copyright 
by forcing tiie user to acquire a permit key from the key 
comro! center tiirough a public telephone line, and in Jap- 

25 anese Patent Application 1994-132916anapparatusfor 
tills purpose. 

By irrproving tfiese inventions, the inventors have 
also proposed in Japanese Patent Application 1994- 
64889 a copyright management metiiod applicable to 

30 both the primary use of a database system such as ttie 
display (including audio output) and storage of dig'rtat 
data and the secondary use such as copying, edition, 
and h^nsmission, including the realtime transmission of 
digital picture. 

35 To manage the copyright for a database system, tiiis 
database copyright management metiiod uses in tiie 
database system a program and copyright information 
required to manage tiie copyright in addition to a key for 
permitting to use which is transmitted to the user. 

40 The copyright management program watches 
and manages to prevent users from using other than tiie 
conditions of users' request or permission. 

The inventors have also proposed in Japanese Pat- 
ent Application 1994-237673 a database copyright man- 

45 agement system for specifically implementing tiie 
database copyright management method proposed in 
Japanese Patent Application 1994-64889 described 
above. 

The system proposed in Japanese Patent Appli- 
50 cation 1994-237673 comprises a key management 
center tfiat rtianages a crypt key K and a copyright man- 
agement center that manages the database copyright. 
According to this system, all the data delivered from a 
database is encrypted by a first crypt key K1 , and a pri- 
55 mary user who wishes to uses data directly from ttie 
database requests the key management center for ttie 
key K corresponding to the specific usage by presenting 
information II on ttie user to tiie center. In response to 
ttie primary usage request from ttie primary user, ttie key 
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management center transfers the information II on the 
user to the copyright management center. On receiving 
the information II, the copyright management center 
transfers this information II with a copyright manage- 
ment program Pc to the key control center. On receiving 
the copyright management program Pc, the key control 
center transfers the first crypt key K1 and a second crypt 
key K2 con-esponding to the specific usage together with 
the copyright management program Pc to the primary 
user via a communication network On receiving the first 
crypt key K1 . the primary user uses this key to decrypt 
the data. The user subsequently uses the second crypt 
key K2 to encrypt and decrypt data when storing, copying 
or transmitting the data. 

In cryptographic techniques, the use of the crypt key 
K to encrypt a plaintext M to obtain a cryptogram C is 
expressed as: 
C = E (K, M) 

while the use of the crypt key K to decrypt the cryptogram 
C to obtain the plaintext M is expressed as: 
M = D (K. 0). 

These expressions are used hereafter in this spec- 
ification. 

If data is copied to an externa! record medium or 
transmitted without being stored, the first and second 
crypt keys K1 and K2 are disued. If the primary user 
wishes to use the data again, the first and second crypt 
keys Kl and K2 are re-delivered to the user from the cop- 
yright management center. The re-delivery of the second 
crypt key K2 indicates a confirmation that the data has 
been copied or transferred to a secondary user, and this 
is recorded in the copyright management center. 

In requesting a secondary usage to the copyright 
management center, the secondary user presents the 
information 11 on the primary user and information 10 on 
the original copyright to ttie copyright management 
center. 

The copyright management center transmits to 
the secondary user a permit key Kp corresponding to the 
specific usage with a second crypt key K2 (viewing per- 
mit key), a third crypt key K3 (a permit key con-esponding 
to the specific usage), and the copyright management 
program Pc which have been enaypted. 

Typical means used for encrypting data include 
secret-key cryptosystem and public-key cryptosystem. 

The secret-key ayptosystem uses the same 
secret crypt key Ks for both encryption and decryption: 
CmKs = E (Ks. M) 
M = D (Ks, Cmks). 

In the public-key crypt system, a key for encryption 
is open as a public-key, while a key for decryption is not 
open and is called a private-key. To use this ayptosys- 
tem, a n information provider encrypts using the public- 
key Kb for a receiver 
Cmkb = E(Kb. M), 

while the receiver receiving the encrypted data decrypts 
it using the private-key Kv that is not open 
M = D (Kv, Cmkb). 



In the application submitted simultaneously with this 
application, the inventors have proposed an invention 
that employs a first public-key Kbi , a first private-key Kvl 
corresponding to the first public-key Kbi . a second pub- 

5 lie-key Kb2S. and a second private-key Kv2 con-espond- 
ing to the second public-key Kb2 which are prepared by 
tiie user, and a first secret-key Ksl and a second secret- 
key Ks2 prepared by the database. The database uses 
tiie first seaet-key Ksl to encrypt data M 

10 Cmks1 = E(Ks1.M) 

and furtiier encrypts the firstsecret-keys Ksl by the first 
public-key Kbi 
Ckslkbl = E(Kb1,Ks1) 

and encrypts the second secret-key Ks2 by the second 
15 pii)lic-key Kb2 

Cks2kb2 = E(Kb2, Ks2): 

the database then transmits these encrypted data 

Cmksl and the first and the second secret-keys CKsl 

and Cks2kb2 to the user; 
20 the user decrypts the first secret-key Ckslkbl 

using the first private-key 

Kvl 

Ksl =D (Kvl. Ckslkbl). 

and deaypts tiie encrypted data Cmksl to use by 
25 decrypted first secret-key Ksl 
M = D(Ks1. Cmksl). 

and the encrypted second secret-key Cks2kb2 by the 
second private-key Kv2 
Ks2 = D (Kv2, Cks2kb2): 
30 and decrypted second seaet-key Ks2 is used for 

data storage/copy/transfaer after data decryption. 

SUMf^ARY OF THE INVENTION 

35 The database copyright management system pro- 
posed in Japanese Patent Application 1994-237673 
assumes that a single data or database is used in the 
system, and not that ttiat a plurality of data or databases 
are edited to produce new data. 
40 The inventors ttius proposes in this application a 
data copyright management system assuming that a plu- 
rality of data or databases are edited to produce new 
data. 

If a plurality of enaypted data obtained from one or 
45 more databases are edited to produce and enaypt new 
data and if the enaypted data is then supplied to a dif- 
ferent user, this system employs as a use permit key. 
both a crypt key for each of tiie plurality of data tiiat are 
a source material and data of an edition program used 
50 as an edition process with a digital signature. 

Upon receiving edited and enaypted data, a differ- 
ent user requests tiie use of the data by presenting the 
data with the digital signature to the copyright manage- 
ment center. The copyright management center then 
55 identifies from ttie digital signature the person who has 
edited the data, and supplies a key for using the data to 
ttie user when requested ttie use only If it has confirmed 
ttiat the person who has edited the data is a valid user 
of this data. 
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In another system, a primary user who requires to 
use originat data encrypted and sillied using the first 
crypt key requests the key control center to sent primary 
use permit key The key control center distritxrtes the pri- 
mary use permit key to the primary user and charges 
therefor. 

The primary user decrypts encrypted data using 
the first crypt key included in the first use permit key to 
use the data. When decrypted data is stored in the pri- 
mary user device, it is encrypted again using the first use 
permit key 

The primary user who requires to edit data 
requests the key control center for distributing secondary 
use permit key for data edition. The key control center 
distritxites the secondary use permit key to the primary 
users. The primary user who receives the secondary use 
permit key produces the copies of primary copyrighted 
data, edit copied data, encrypts decrypted secondary 
data during edition by the second crypt key included in 
the secondary use pennit key. 

Rnally edited data is encrypted using the third 
crypt key and stored in the primary user device. TTie pri- 
mary user registers the third crypt key into the key control 
center in order to execute the secondary copyright as 
secondary exploitation right with reference to the data 
edition for the secondary copyrighted data, encrypts the 
secondary data using the third crypt key and supplies 
the secondary user with such data by copying it to an 
external medium or by transferring it via a network sys- 
tem. 

The secondary user who requires enaypted sec- 
ondary data requests the key control center for distribut- 
ing the third crypt key The key control center distributes 
the third crypt key to the secondary user. 

The secondary user who receives the second 
crypt key decrypts enaypted secondary data using the 
second aypt key to use it 

BRIEF DESCRIPTION OF THE DRAWINGS 

Rgure 1 is a block diagram of an embodiment of a 
data copyright management system according to this 
invention. 

Figure 2 is an example illustrating of producing 
new copyrighted data using a plurality of copyrighted 
data as objects. 

Figure 3 is an outlined block diagram of another 
entxxliment of data copyright management system 
according to this invention. 

Figure 4 is an example illustrating of producing 
new copyrighted data using a plurality of copyrighted 
data as objects. 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENT 

An embodiment of this invention is described with 
reference to the drawings. 

Figure 1 shows a block diagram of a data copy- 



right management system according to this invention. 
The data stored in the database In this system is not 
encrypted. 

In addition to databases, the embodiment in Jap- 

5 anese Patent Application 1994-237673 uses satellite 
broadcasting or a storage medium as a means for sup- 
plying data. In the embodiment shown in this application, 
however, only databases are shown as a means for sup- 
plying data for the convenience of explanation. Of 

10 course, however, this Invention is applicable to the use 
of satellite, ten*estoriaI wave or CATV broadcasting that 
is free due to advertisement and the like and this does 
not require encryption, or a record medium as well as 
databases as a means for supplying data. 

75 If a primary user copi es data obtained and then sup- 
plies it to a secondary user, the data does not involve the 
copyright of the primary user because no modifications 
have not been made to the data. If. however, the primary 
user produces new data based on tiie data obtained or 

20 using a means for combining the original data with other 
data, tiie new data involves a secondary exploitation for 
the primary user. 

Similariy, if ttie secondary user produces new 
data based on the data obtained from the primary user 

25 or using a means for combining the original data with 
other data, the new data involves a secondary copyright 
as secondary exploitation right for the secondary user. 

In the embodiment shown in the figure, reference 
numerals 1 . 2, and 3 designate databases that store text 

30 data or binary, audio, and/or picture data constituting 
computer grapNcs screens or programs, the data which 
is not encrypted: 9 is a comnwnication line such as a 
public telephone line provided by a communication 
enterprise or a CATV line provided by a cable television 

35 enterprise; 4 is a primary user terminal; 5 is a secondary 
user terminal; 6 is a tertiary user terminal; and 7 is an n- 
th user terminal de\rtce. In addition, reference numeral 8 
designates a copyright management center for manag- 
ing the data copyright. 

40 The databases 1 , 2, and 3, copyright management 
center 8, primary user terminal.4, secondary user termi- 
nal 5, tertiary user terminal 6, and n-th user terminal 7 
are connected to a communication line 9. 

In this figure, encrypted data is transmitted via the 

45 path shown by a broken line, requests are transmitted 
from tiie user terminal 4, 5, 6, or 7 to the database 1 , 2, 
or 3 and ttie copyright management center 8 via the path 
shown by a solid line, the permit key, copyright manage- 
ment program, and crypt key corresponding to a specific 

50 usage are transmitted from the database 1 , 2. or 3 and 
the copyright management center 8 to the user terminal 
4, 5, 6, or 7 via the path shown by an one-dot chain line. 

This emtxxiiment employs a first public-key Kbi, a 
first private-key Kv1 corresponding to the first public-key 

55 Kbi , a second public-key Kb2, and a second private-key 
Kv2 corresponding to the second public-key Kb2 which 
are prepared by ttie user, and a first secret-key Ksl and 
a second secret-key Ks2 prepared by the database. The 
database uses the first secret-key Ksl to enaypt data M 
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Cmks1 = E(Ks1,M) 

and further enaypts the first seaet-key Ksl by the first 
public-key Kbi 
CkslKbl =E(Kb1.Ks1) 

and the second secret-key Ks2 by the second public-key 
Kb2 

CKs2kb2 = E (Kb2, Ks2). 

The database then transmits these encrypted data 
Cmksl and the first and the second secret-keys Cks1 kbi 
and Kcs2kb2 to the user. 

Ttie user decrypts the encrypted first secret-key 
Ckslkbl using the first private-key Kv1 
Ks1 =D(Kv1.CKs1kb1), 

and decrypts the encrypted data Cmksl by the 
decrypted first secret-key Ksl 
M = D(Ks1. Cmksl) 

and use it. And further, the user deaypts encrypted sec- 
ond secret-key Cks2kb2 by the second private-key Kv2 
Ks2 = D(Kv2.Cks2kb2). 

which is subsequently used as a crypt key for storing, 
copying, or transmitting data. 

If a primary user 4 copies data obtained and then 
supplies it to a secondary user 5. the data does not 
involve the copyright of the primary user 4 because no 
modifrcations have not been made to the data. If, hew- 
ever, the primary user 4 produces new data based on 
the data obtained or using a means for combining the 
original data with other data, the new data involves a sec- 
ondary exploitation right for the primary user 4, and the 
primary user 4 has the original copyright for this second- 
ary work. 

Similarly, if the secondary user 5 produces new 
data based on the data obtained from the primary user 
4 or combining with other data, the new data involves a 
secondary exploitation right for the secondary user 5, 
and the secondary user 5 has the original copyright of 
this secondary work. 

The databases 1 , 2, and 3 store text data or binary, 
digital audio, or digital picture data constituting computer 
grapl^cs screens or programs, the data which is not 
encrypted. This data is encrypted and supplied to the 
user tenninal 4 via the communication line 8 during a 
data reading operation in response to a request from the 
primary user terminal 4. 

The data copyright obtained from tfie database is 
managed by the method described in Japanese Patent 
Application 1994-237673 or in the application submitted 
simultaneously with this application. 

A summary of the applications proposed by the 
inventors of this invention are shown below. 

Both the secret-key and public-key cryptosystems 
are adopted as crypt methods. Although the use of the 
put>Iic-key cryptosystem in the encryption of data 
improves the security of encrypted data, the encryption 
of data containing a large amount of Information using 
the same system requires a significantly long time for 
decryption and is not practical. 

The amount of information contained in crypt 



keys, however, is not so large as that in data because 
such keys must be operated by human beings. 

This copyright nrtanagement system en^^loys a first 
public-key Kbi , a first private-key Kvl conresponding to 
5 the first public-key Kb1 , a second public-key Kb2 , and a 
second private-key Kv2 conresponding to the second 
public-key Kb2 which are prepared by the user, and a 
first and a second secret-keys Ksl , Ks2 prepared by the 
database. 

10 The database uses the first secret-key Ksl to 
encrypt data M 
Cmksl =E (Ksl. M) 

and further encrypts the first secret-key Ks1 using the 
first public-key Kbi 
IS Ckslkbl =:E(Kb1. Ksl) 

and the second secret-key Ks2 using the second public- 
key Kb2 

Cks2Kb2 = E(Kb2. Ks2). 

The database then transmits these encypted data and 
20 first and second secret-keys Ckslkbl. Cks2kb2 to the 
user. 

The user decrypts the encrypted first secret-key 
Ckslkbl using the first private-key Kvl 
Ksl =D (Kvl, Ckslkbl). 
25 and decrypts the encrypted data Cmksl using the 
decrypted first secret-key Ksl 
M = D(Ks1. Cmksl) 

to use it. and decrypts the encrypted second secret-key 
Cks2kb2 by the second private-key Kv2 which is to be 

30 used in subsequent staing, copying or transmitting 
decrypted data. 

The edition of a plurality of data to produce new data 
is desaibed with reference to Rgure 2. 

As shown in thisf igure. the primary user 4 extracts 

35 parts M4. M5 and M6 constituting data from a plurality 
of data Ml , M2 and MS obtained from one or more data- 
bases, and produces new data M7 from these parts M4. 
M5 and M6. 

The primary user 4 supplies the new data M7 to the 
40 secondary user 5; the new data M7 involves a secondary 
coyright associated with the edition of original data Ml. 
M2 and M3 as well as the original copyright for the orig- 
inal data Ml, M2 and M3 from which the parts M4. M5 
and M6 produces new data M7. 
45 The original data Ml, M2 and M3 are encrypted 
using the second secret-key Ks2 supplied with each of 
data Ml . M2 and M3 when used for operation other than 
display: i.e., storage, edition, copying or transmission: 
Cm1ks2 = E(Ks2.M1) 
50 Cm2ks2 := E (Ks2, M2) 
Cm3ks2 = E (Ks2, M3). 

The data M4, MS and M6, parts of original data are also 
encrypted using the second secret-key Ks2 supplied with 
each data when used for operation other than display: 
55 Cm4ks2 = E(Ks2,M1) 
Cm5ks2 = E (Ks2. M2) 
Cm6ks2 = E (Ks2. M3). 

The new data comprises the original data and the 
process that the data has been edited. 
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In the computer technology, the edition of data is 
represented by original data and an edition process for 
it Furthermore, the original data and edition process can 
be represented byacomputer program and thedata writ- 
ten in the computer program. The program and data that 5 
have been an entire unit are refen-ed to as "object", and 
the computer processing about objects is called an 
object-oriented technology, which has recently become 
most popular among the computer technologies. 

The technique for producing new data from a plu- w 
ratity of data parts is called a frame work or scenario; the 
"Object Linking and Embedding" (OLE) program from 
Microsoft Corp. and "OpenDoc" from Apple Computer 
Inc. are typical exanples. 

This invention treats as objects the relationship 15 
between original data parts and a frame workor scenario 
constituf ing an edition process, in addition to the original 
data parts. 

"The primary user 4 who has edited the data provides 
a digital signature for edition program Pe using first Pri- 20 
vate-key 

Spe = D(Kv1.Pe) 

and supplies encrypted original data parts CnfT4ks2, 
Cm5ks2 and Cm6ks2 to secondary user 5 together with 
the edition program Pe with digital signature. 25 

Upon receipt of the encrypted original data parts 
Cm4ks2, Cm5ks2 and Cm6ks2, and the edition program 
Pe, the secondary user 5 requests second secret-key 
Ks2 for decryption of the encrypted original data parts 
Gm4ks2. Cm5ks2 and Cm6ks2 to the copyright manage- 30 
ment center 8, by presenting the edition program Pe with 
digital signature. 

The data copyright management center 8 identifies 
the prifmry user 4 from the presented digital signature 
in tile edition program Pe, using first public-key Kbi 35 
Pe = E(Kb1.Spe). 

and determines if the primary user 4 is a valid user to 
use ttie original data to which the second secret-key Ks2 
that has been requested corresponds. If the primary user 
4 Is a valid user, the cemter transmits the second seaet- 40 
key Ks2 to the secondary user 5. Otiienwise, it does not 
transmit the second secret-key Ks2 to the secondary 
user 5. 

The digital signature Spe presented to the copyright 
management center 8 is registered In the center as a 45 
valid procedure for authorizing secondary copyright 
owner. 

This system may limit appropriate n-order usage 
according to determination in practice by the database 
or original copyright owner, not permanetly repated so 
usage from primary use till n-order use, and may make 
data which has been used certain-order be registered as 
next original data. 

Another embodiment is described by refemng to 
Figures. 55 

TNs system uses primary use permit key K1 
including first secret-key Ks1 , secondary use permit key 
K2 including second secret-key Ks2, tiiind secret-key 
Ks3. plaintext original copyright label Lcl and plaintext 



copyright management program Pc. 

The data copyright management system shown 
in Figure 3 comprises database 11, key control center 
12, users 13, 13. 13 ... and the network 1 4 ttiat connects 
these therewith mutually Database 1 1 receives data 
from information providers (IP) 15, 15, 15.... However, in 
some cases, data is supplied directly to users 13 from 
information providers 16, 16, 16... via network 14 witiiout 
intervening database 1 1 . 

The data used in this invention is the object com- 
prising combined program and data. 

Data is supplied from information providers 15, 
1 5, 1 5 ... to database 1 1 and to primary users 1 3. How- 
ever, in some cases, data is supplied from information 
providers 16, 16, 16... via network 14 or via information 
record medium 17 such as CD-ROM or the like directly 
to primary users 13 without intervening database 11. 

The solid line, broken line and one-dot chain line 
in this figure show the patii for data and requests for crypt 
keys, path of encrypted data and path of encrypt keys, 
respectively 

Primary users 1 3 are not merely users but can be 
information providers 15 or 16 tiiat provide new data 
(secondary copyrighted data) by combining or revising 
obtained plural original data. 

In tiie data copyright management system compris- 
ing in this way according to this invention, the original 
data provided by each of information providers 15 and 
16 has been encrypted to protect the copyright There- 
fore, the use of the encrypted original data obtained by 
users 13 needs decryption. All of the crypt keys for this 
decryption are deposited to key control center 12 to be 
controlled by this center. 

Each of information providers 15 and 16 can 
adopt freely any cryptosystem. However, tiie cryptosys- 
tem described later and used after secondary utilization 
of ddata is limited to oen adopted by key control center 
12. 

The data obtained from databases are normally 
used through personal computers. The operating system 
used for fliis purpose requires incorporated functions for 
ensuring security control. Copyright nianagement pro- 
gram is used to control crypt keys. As it is necessary to 
store tiiis copyright management program and ttie crypt 
keys received from key control center 12, for example, a 
key card which is virtually iniplemented as hardware in 
unique board or PC card, or as software in the memory 
or HDD is used for the storage area. 

irrespective of whett^er key control center 12 is actu- 
ally used or merely registered, it stores crypt key to pro- 
tect ttie copyright of data works and to charge for using 
the copyright and controls aypt key by establishing tiie 
correspondence between stored crypt key and copyright 
labels. 

fn this system, plaintext original data MO is 
encrypted by Ifirst secret-key Ksl 
CmOksl =E(Ksl.MO), 

and is provided to primary users 1 3 from information pro- 
viders 1 5 via database 1 1 and network 1 4, or from infor- 
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mation provider 16 via network 14, or via Information 
record medium 17 such as CD-ROM. together with orig- 
inal copyright label Lcl. 

Original plaintext copyright label UO is attached to 
encrypted original data CnnOksl provided for primary s 
users 13, and which is used for obtaining primary use 
permit keys, etc. Namely, encrypted original data 
CmOksl includes plaintext original copyright label LcO 
and encrypted original data CmOksl . The name of appli- 
cation programs in use, outlined explanation, fees and u 
charging method are entered into plaintext original cop- 
yright label LcO in addition to general information includ- 
ing the name of original creator, title name and aeateed 
date. The number of use permit keys is also entered if 
necessary. Digital signature by original creator added to is 
plaintext original copyright label LcO prevents false cop- 
yright claiming. 

Primary users 13 who require use of encrypted orig- 
inal data CmOksl request key control center 12 via net- 
wortc U for distributing primary use permit keys K1 20 
indicating original copyright label Lcl. 

Key control center 1 2 that has identified primary use 
permit keys to be distributed, by original copyright label 
Lcl indicated, is key K1 . distributes this identified key to 
primary users 1 3 via netwak system 1 4. Upon receip of 25 
distributed primary use permit key k1, the devicess of 
primary userss 13 are turned to the mode of copyright 
management, and the use of primary copyrighted data 
becomes available for primary users 13. As the first 
secret-key Ksl is included in primary use permit key k1 , 30 
it is not recognized by primary users 13. 

On the other hand, key control center 12 charges 
as well as grasps the use condition of copyrighted data 
and of the database used by primary users 13. 

Primary users 13 deaypt encrypted primary copy- 35 
righted data CmOksl using first secret-key Ksl included 
in primary use permit key K1 
MO = D (Ksl, CmOksl). 
and use it. 

When decrypted original data MO is stored In pri- 40 
mary users 13 devices, it is enaypted again by first 
secret-key Ksl 
CmOksl =E (Ksl. MO) 

and encrypted original data CmOksl is stored. 

For repeated use of encrypted original data 45 
CmOksl, repeated decryption and encryption are carried 
out using first secret-key Ksl . 

Primary users 13 who require to edit originar copy- 
righted data MO request key control center 12 for distrib- 
uting secondary use permit key K2 via networi< 1 4. 50 

Key control center 12 requested for distributing sec- 
ondary use permit key K2 provkles primary users 1 3 with 
secondary use permit key k2 via network 14. 

Primary users 13 that have received secondary use 
permit key K2 edit original data MO and obtain halfway 55 
edited data MO'. 

When halfway edited data MO' Is stored in users 13 
devices, it is encrypted by second secret-key Ks2 
Cm0'ks2 = E (Ks2. MO"). 



When the edition is finally completed, primary 
users 1 3 prepare third seaet-key Ks3 in order to execute 
the secondary copyright with reference to the data edi- 
tion concerning final editorial data Ml . and register third 
secret-key Ks3 into key control center 1 2. Ihe key control 
center 1 2 also may prepare third secret-key Ks3 and dis- 
tribute it in response to the request from primary users 
13. 

When primary users 13 copy editorial data Ml into 
external reecord medium 1 8 or transfer it via network 1 4. 
they encrypt editorial data using third secret-key Ks3 
Cm1ks3 = E(Ks3,M1) 
and provide it for secondary users 1 9. 

Secondary users 19 who require to use providKl 
encrypted editorial data Cm1ks3 request key control 
center 1 2 for distributing third secret-key Ks3 via network 
14. 

Key control center 12 that has received the 
request for distributing third secret-keys Ks3 from sec- 
ondary users 19 distributes third secret-key Ks3 to sec- 
ondary users 19 via network 14. 

Secondary users 19 who have received third 
secret-keys Ks3 decrypt encrypted editorial data 
Cm1ks3 using third secret-key Ks3 
M1 = D(Ks3, Cm1ks3) 
and use it. 

When using encrypted data Cm1ks3 again, 
decryption and encryption are carried out using third 
secret-key Ks3 also in this case. 

This section describes the restrictions applicable to 
the primary use carried out by copyright management 
program Pc. 

Similariy to the invention described in prbr Patent 
Application 1994-64889. the usage of the data obtained 
and decrypted according to the data copyright manage- 
ment system according to the invention is limited to nor- 
mal form of use. namely, direct use of data and the output 
including the printing of usage results. Copying into 
external reecord medium, edition and transfer via net- 
work system, and, in principle, data storage inside 
devices are impossible. On the other hand, the storage 
of encrypted data possible. 

It goes without saying that it Is possible to display, 
print, store, copy, edit and transfer the data of which cop- 
yright has not been claimed with reference to the appli- 
cation programs in use. 

Enaypted original data CmOksl that primary users 
1 3 have obtained from external information providers 15 
or 1 6directly or via database 1 1 is combing with original 
copyright label LcO and stored In storage such as the 
hard diskdriveor non-volatile memory inside the primary 
users 13 terminals. 

Primary users 13 who require primary use of 
encrypted original data CmOksl stored in memory iden- 
tify the application environment of the program used by 
original data MO, refemng to plaintext original copyright 
label Lcl. 

When the original data MO is determined to use pos- 
sible as a result, and primary users 13 indicate to the 
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copyright management program Pc of using this original 
data MO, the copyright management program Pc acti- 
vates application programs used by original data MO and 
then, encrypted original data CmOksl is read from stor- 
age into the volatile memory in the devices. 

On the other hand, primary copyright label Lc1 is 
sent to key control center 1 2. When primary use permit 
key K1 is provided pursuant to the above processing flow, 
encrypted original data CmOksl is decrypted using the 
first secret-key Ksl included in primary use permit key 
K1 

MO = D (Ksl. CmOksl), 

and its use becomes possible by means of the activated 
application program. 

In the case original data MO that has been decrypted 
in the volatile memory of primary users 13 terminals is 
to be stored in storage, it is encrypted using first seaet- 
keyKsl 

CmOksl =D (Ksl, MO). 

This storing includes the produce and storage of 
temporary file for data security. 

When using again re-encrypted data CmOksl. 
repeated decryption/encryption are carried out using 
first secret-key Ks1. 

In use of primary use permit key K1 , it is possible 
to display and print decrypted original data MO and store 
encrypted original data CmOksl by copyright manage- 
ment program Pc. However, other form of usage; namely, 
store, edit, copy of decrypted original data MO. copy into 
external record medium and transfer it to other devices, 
and also copying encrypted original data CmOksl into 
external record medium and transferring it to other 
devices are prohibited. 

Therefore, it is prohtoited to perform cut and paste 
from a part of original data MO to other general data D. 
and to cut a part of general data D and paste it to original 
data MO by means of copyright n\anagement program 
Pc. 

It is exceptionally possible to store original data 
MO in storage if it is with encrypted by first secret-key 
Ksl. However, storage is prohibited if any edition has 
been performed. 

Copyright control program Pc distinguishes the orig- 
inal data MO from the general data D of claiming no cop- 
yright and judge whether original data MO has been 
edited or not. 

The above determination is carried out by exam- 
ining the look-up table in which file attribute is written, 
comprising computer file together with file body. In this 
look-up table, in addition to the file size and produced 
date, a flag is written to show the copyright has been 
claimed. By examining these items, it is possible to judge 
whether the copyright has been claimed and whether the 
file has been edited. 

Original data MO is combined with original copyright 
label Lcl as encrypted original data CmOksl when it is 
stored in a storage. When it is decrypted and read into 
volatile memory, decrypted original data MO and original 
copyright label Lcl are separated by copyright manage- 



ment program Pc, and the separated copyright label Ul 
is controlled by copyright management program Pc. 

Copyright management program Pc watches 
which application program is used for original data MO, 
5 and prohibits to cut and paste original data MO on general 
data D and to cut and paste general data D on original 
data MO. 

This section describes the restrictions applied to 
data edition by copyright management program Pc. 
10 The primary users 13 who desire to edit original 
data MO after primary usage, inform key control center 
1 2 of the execution of original data MO edition via network 
1 4. and request key control center 1 2 for distributing secr 
ondary use permit key K2 for original data MO edition. 
15 Key control center 1 2 that has been requested for 

distributing secondary use pennit key K2 distributes the 
key K2 to primary users 13 via networi< system 14. 

By this, the primary users 13 terminal are 
changed to edit mode, and original data MO edition by 
20 primary users 13 becomes possible. 

After decrypting encrypted original data CmOksl 
using first secret-key Ksl. primary users 13 display and 
edit data. In this case, original data MO is copied at the 
beginning to protect It, and then, edition is applied to edi- 
25 torial data MO' obtained by this copying. 

When this editorial data MO* or data MO" on the 
way of edition is stored in the storage inside the primary 
users 13 terminals, they are encrypted by the second 
secret-key Ks2 included in secondary use permit key K2 
30 for storage: 

CmO'ks2 = {Ks2. MOO. or 
CmO"ks2 = (Ks2, MO"). 

Encrypted original data MO is stored in the stor- 
age without being edited. Therefore, it is possible to 
judge whether the file is edited or not by examining the 
look-up table, the file size and date of producing of data 
MO" on the way of edition or edited data Ml . 

Plural primary edited data M11. M12, M13 ... are 
produced by data edition. The secondary copyright of 
primary users 13 as secondary exploitation right arises 
in these primary edited data M1 1 , M12, M13 .... These 
primary edited data Ml 1 , M12, M13 are uncrypted when 
they are in the volatile memory of the primary users* ter- 
minals. However, when they are stored in a storage, they 
are encrypted using second secret-key Ks2 
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CiQllks2 = B (Ks2, Mil) 

Cffll2ks2 = B (Ks2. M12) 

CiDl3ks2 = E (Ks2. M13) 



For the purpose of practice secondary copyright 
with reference to these primarily edited data M11, M12, 
M 1 3 . . . , primary users 1 3 request key control center 1 2 20 
via network 14 for distributing third secret-key Ks3. In 
response to the request, key control center 1 2 distributes 
third secret-key KsS to primary users 13. 

Primary users 13 who have received third seaet- 
key s Ks3 encrypt plaintext or decrypted primarily edited 25 
data Mil. M12, M13 ... using third secret-key 

Ks3CiQllks3 = E (Ks3. Mil) 
Cnil2ks3 = E (Ks3. M12) 
CQil3ks3 = E (Ks3. M13) 



and encrypted primarily edited data Cml 1 ks3. Cml 2ks3 
and Cml 3ks3 ... are stored in the storage inside primary 45 
users terminals. 

When using these encrypted data Cm11ks3, 
Cm12ks3 and Cm13ks3 .... deaypting and encrypting 
are carried out by third secret-key Ks3. 

!n primarily edited data Ml 1 , M12, Ml 3 ... edited by so 
primary users 13. the secondary copyright of primary 
users 13 is present in addition to the primary copyright 
of the original data MO on information providers before 
being edited. For the purpose of practice this secondary 
copyright, primary users 1 3 send the title of data, name ss 
of application program, outlined content and the name 
of primary copyright owner together with third secret-key 
Ks3 to key control center 1 2, which are to be stored andd 
managed by key control center 12. 
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On the other hand, primary users 13 provkle 
enaypted primarily editeddata Cm ilks3, Cm 12ks3 and 
Cml3ks3 ... for secondary user&19 through copying 
these data into external record medium 18 or by trans- 
femng them via networi^ 14. 

Tlie secondary users 1 9 who require to use provided 
encrypted primarily editeddata Cml 1ks3, Cm12ks3 and 
Cml 3ks3 . . . request key control center 1 2 for distributing 
third use permit key K3 including third secret-key Ks3. 
The usage of primarily edited data Ml 1. M12 and M13 
... by this use pennit key K3 is limited to general use 
succh as display and print and the storing into the stor- 
age inside the users terminals. It is not allowed to copy 
primarily edited data M1 1 . M12 and M13 ... or encrypted 
primarily edited data Cm11ks3. Cm12ks3 and Cm13ks3 
... into external record medium 18, to transfer these to 
tertiary users via network 1 4 and to repeat editing prima- 
rily edited data Ml 1. M 12 and Ml 3 .... 

As described above, the objective of the copyrighted 
data in this invention Is the "object" where the programs 
and data are integrated. The object can be processed as 
parts-like through computer programming or various 
types of processing. 

Producing new editorial data using plural original 
data that are the objects, will be described referring to 
Figures 4 and 3. 

The refence numerals 31, 32 and 33 in FIG. 4 are 
the original data M31 , M32 and M33 that comprise each 
object for which copyright is claimed. Primarily edted 
data M30, 30 is produced using these original data M31 , 
M32 andM33. 

The number of editorial forms applicable to origi- 
nal data M31, M32 and M33 are three. Tlie first is the 
primary editorial data M34 shown in 34 where the whole 
portion is used. The second Is the primary editorial form 
M35 shown in 35 where a part is used. The third is the 
primary editorial data M36 shown in 36 where the data 
is used after revision. 

Original data is edited by linking copyrighted data by 
object-unit, refen-ing. embedding and combining it It is 
possible to embed and combine copyrighted data freely. 

It is also possible to add other matters on the pri- 
marily edited data M37. 37 that have been thus com- 
bined and embedded in this way. 

The primarily edited data M30, 30 newly produced 
in this way consists of object assembly. 

As described above, in the primarily edited data M30 
produced in this way, the secondary copyright of primary 
users 1 3 in the edition newly arises in addition to the cop- 
yright of original data M31 , M32 and M33. 

For practice this secondary copyright of primary 
users 1 3, it is necessary to encrypt primary editorial data. 
For this purpose, primary users 13 prepare third secret- 
keys Ks34, Ks35 and Ks36 corresponding to each of pri- 
mary editorial data M34, M35 and M36, encrypt plaintext 
primary editorial data M34. M35 and M36 using third 
seaet-keys Ks34, Ks35 and Ks36 
Cm34ks34 = E (Ks34. M34) 
Cm35ks35 = E (Ks35, M35) 
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Cni36ks36 = E{Ks36,M36), 

and provide them for secondary users 1 9 by copying into 

external record medium 18 or by transfo-ring via network 

14. 

In addition, primary users 13 register third seaet- 
keys Ks34. Ks35 and s36 to key control center 12. By 
registering these third secret-keys, the secondary copy- 
right of primary users 13 Is registered into key control 
center 12. 

Those sent from primary users 13 to key control 
center 12 at this time are a plurality of third secret-keys 
Ks34, Ks35 and Ks36 of which number corressponds to 
thee number of produced plural primary editorial data, 
and also the nunriber of third secret-keys, second secret- 
keys Ks24, Ks25 and Ks26, original data name, informa- 
tion concerning other linking original data, access path 
to original data used, application programs used for orig- 
inal data M 1 1 , M 1 2 and M 1 3 and outlined explanation of 
copyright works. 

Key control center 1 2 that has received a plurality of 
third seaet-keys Ks34, Ks35 and Ks36 prepares copy- 
right labels l_c34, Lc35 and Lc36 corresponding toa plu- 
rality of primary ^itorial data using original data name, 
information concerning other linking original data, 
access path to original data used, application programs 
used for original data Mil , M1 2 and Ml 3 and outlined 
explanation of copyright wort<s. 

At this time, the linkage between newly produced 
prinnary editorial data M34, M35 and M36 and original 
data Mil, M12 and M13 is released. At the time the link- 
age is released, the entity off the original data that has 
had so far only relationship as the linkage with primary 
editorial data M34. M35 and M36 is thus entbedded into 
newly produced primary editorial data M34, M35 and 
M36. By this, it becomes possible to practice the second- 
ary copyright of encrypted primary editorial data 
Cm34ks34. Cm35ks35 and Cm36ks36 provided for sec- 
ondary users 19. 

The secondary users 1 9 who require to use provided 
encrypted primary editorial data, for example, M34 
request key control center 12 for distributing third seaet- 
key Ks34, 

Key control center 12 that has received the 
request for distributing third secret-key Ks 34 distributes 
the third seaet-key Ks34 to secondary users 19 through 
network 14. 

The secondary users 19 who have received third 
secret-keys Ks3 decrypt encrypted primary editorial data 
Cm34ks34 

M34 = E (Ks34. Cm34ks34) 
and use it. 

Original data copyright owner or primary editorial 
data owner can change the access path by applying to 
key control center 12. 

Original data copyright owner or primary ecfitorial 
data owner can also edit (revise) data using other keys 
as well as to use third secret-keys. 



Claims 

1 . A data copyright management system used for pro- 
ducing new data by editing a plurality of encrypted 

5 data, wherein 

a first user obtains a plurality of encrypted 
data from a datattase and deaypts said data by 
using a crypt key supplied from said database; 
new data is produced by editing said data 
10 deaypted; 

sakj first user supplies both a crypt key for 
each of saki plurality of enaypted data and edition 
program with digital signature as a use permit key 
to a second user; 
IS said second user who receives the edited and 

encrypted data request use of saki data by present- 
ing tiie edition program with digital signature to a 
copyright management center; and 

sakJ copyright management center klentif les 
20 the first user as an editor with the digital signature, 
and provkfes said second user with the crypt key for 
use when the editor is confirmed bing the first user. 

2. A data copyright management system conprising a 
25 database and a key control center, and for managing 

copyrights when a primary user edits primary copy- 
righted data which Is obtained, and supplies second- 
ary copyrighted data obtained through editing to a 
secondary user, wherein 

30 said primary copyrighted data is encrypted by 

using a first use permit key and then supplied to said 
primary user; 

said key control center distrbutes said use 
permit key to said primary user when said primary 

35 user wishing to use said primary copyrighted data 
requests distribution of said first use permit key to 
said key control center; 

sakl primary user decrypts said primary cop- 
yrighted data for primary use by using sakI distrib- 

40 uted first use permit key; 

said primary user wishing to edit said primary 
copyrighted data is distributed with a second use 
permit key for editing said primary copyrighted data 
from said key control center, and edits sakJ primary 

45 copyrighted data by using said distributed second 
use pennit key. said copyrighted data during editing 
being enaypted and stored by using said second 
use permit key; 

said primary user who completes editing is 

50 distributed from said key control center with a ttiird 
use permit key for distributing the edited data, and 
supplies said edited data to a secondary user after 
encrypting said edited data by using said tiiird use 
permit key; and 

55 said secondary user wishing to use said sec- 

ondary copyrighted data Is distributed with said third 
use permit key from said key control center, and 
decrypts said secondary copyrighted data by using 
said distributed third use permit key for use. 
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3, The data copyright management system according 
to claim 1, wherein editing of said primary copy- 
righted data by said primary user rs performed on a 
copy of said primary copyrighted data. 
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FIG. 1 
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FIG. 4 
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